How to change DRM providers

Embarking on the path to switch DRM providers for video streaming isn’t just a technical move — it’s about future-proofing your digital content against evolving threats and unforeseen challenges.

Either because you’re thinking of deploying new features, aiming to reduce costs, or struggling through an unexpected video pipeline migration; you want to be prepared to change DRM providers.

However, in the rapidly evolving streaming landscape, navigating changes in DRM licensing vendors can be challenging, especially with the persistent advancements in piracy. Success requires expertise to strike the right balance between cost, robust protection, and compatibility across DRM technologies.

That’s why we’ve put together this concise guide. It offers a comprehensive overview of key considerations when switching DRM providers and answers to your most pressing questions.

hand holding three light bulbs representing drm providers

Why change DRM providers?

As the video streaming landscape evolves, so do content protection requirements across companies. It isn’t uncommon for media protection specialists to comb the market in search of new alternatives when a DRM contract comes to an end or business needs have changed.

Similarly, the deprecation of media storage and processing services such as Azure Media Services (AMS) is forcing companies involved in the streaming world to find new alternatives to rebuild (and why not improve along the way) their content distribution workflows.

Whatever the reason, you should inform yourself before committing to a new DRM provider.

How does DRM work?

As the industry standard against content piracy, DRM is the go-to choice for the right holders to distribute their content. If you want to handle premium content, you must understand how to handle DRM. However, the complexities of a video DRM system can be daunting and potentially undermine your ability to choose the right DRM provider.

For this reason, we’ll quickly go over the core concepts behind every DRM system and explain how they work in the context of searching for a new DRM provider. If you want to get a more detailed understanding of how DRM works, you can check out this explanation.

Content encryption

As a first step in every DRM-protected scheme, content must be encrypted. It is usually done through a symmetric-key algorithm, also known as Advanced Encryption Standard (AES). This encryption involves the scrambling of video(s) and the association of a key (Content Encryption Key, CEK) capable of decrypting them, thereby ensuring that only authorized users can access the content.

Then, the access keys are either pushed to a DRM server, like DRMtoday, or pulled from it. Upon retrieval, the video player acquires these keys and licenses them through the DRM provider to initiate media sessions, effectively enabling playback of the selected movie or show by the user.

Content encryption can be done as part of the encoding process at the pipeline’s outset or executed on-the-fly, also known as just-in-time (JIT) encryption. This distinction becomes crucial when selecting a new DRM provider, considering factors such as access to the original content and the specifics of the encoding and packaging processes employed.

Key access

Content encryption is done with a CEK with its corresponding KeyID. Both values are securely stored in your DRM server. KeyID is usually announced in the manifest. Key IDs are usually public but the actual CEK used to decrypt the content is private and must be stored most securely.

So when running a DRM-protected scheme, CEK and KeyIDs access must be managed by the DRM provider, ensuring the highest level of security and compatibility with different DRM technologies across devices.

Key ingestion

Whether you’re trying to push or retrieve your keys from a DRM server, in both scenarios the typical sequence involves the initial ingestion of keys. Once the keys are securely “ingested” in the DRM provider system, those keys cannot be exposed or “taken out” of the system. The idea behind this is to make sure no one has access to your encrypted content other than authorized users.

Typically, DRM licensing like DRMtoday includes a key ingestion API (Key Management API) to ensure a smooth ingestion of keys.


Once a playback request is made through the user’s player, the DRM system must verify and authenticate the user with the customer’s system authorization API, either through callback or upfront token authentication. Once the request has been authenticated, the DRM system sends a license with the decryption key to the player. And just like that, your DRM system is operational and ready to go.

Switching DRM providers

Now that you have a general overview of the basics of a DRM system, let’s jump right into how to change DRM providers.

The main question you should ask yourself is whether you still have access to your CEK. Thus, from the technical level, it boils down to two options around the key access to achieve an effective DRM vendor migration.

Key with a green check icon to change DRM providers

A. Keys are available

If you still have access to your keys, the process is pretty straightforward. You should be able to migrate those keys into the new DRM system through an ingestion API.

In the case of switching to castLabs DRMtoday, key migration is done quickly and efficiently through the creation of a customized script that would ensure key relocation in one to five days, depending on the particular requirements of the system.

Key with a red block icon to change DRM providers

B. Keys are not available

In case you don’t have access to your keys, there are a few options available. The first one would be to re-encrypt the content.

  • 1. Content re-encryption: For this, you would need access to the mezzanine or original files and put them again through an encoding process. While not ideal, this option would generate new access keys to all your encrypted files. The downside is the time and high cost needed to re-encrypt your content library. Depending on your particular needs, it could take weeks to complete.

If access to the original files is unavailable, a workaround can be implemented using the packager.

  • 2. Packager: If the packager in your video pipeline retains keys, these keys can theoretically be extracted from the packager and then ingested into a DRM system, such as DRMtoday, following a similar process to that of the first scenario where keys are readily accessible. This would work, particularly, if encryption was done JIT.

Another option is the keySeed-based approach.

  • 3. Key derivation: For this scenario, the DRM system doesn’t require key ingestion because it can generate new keys based on the keySeed and KeyID. While this method serves as a fallback solution, the same algorithm (key derivation) must be employed to generate the key and you must have access to your keySeed and KeyID.
Diagram summarizing how to change DRM providers
Diagram summarizing the steps to change DRM providers

Lastly, you must take into account the particularities of your security scheme. In this sense, multi-key and key rotation could have an impact on your decision. Keys can be tailored to different quality standards based on studio specifications, with each key containing specific information about its intended use. Based on this, your new DRM provider must ensure that these configurations are properly enforced.

Other considerations before changing DRM providers

In addition to the core technical requirements, it’s crucial to consider another set of aspects that will be influenced by your choice of a new DRM provider:

  • Seamless transition for users: Shifting from one DRM provider to another should be as smooth as silk for your users. Imagine it as upgrading the key to their entertainment vault without them even noticing. Any disruption in their viewing experience can lead to frustration, potentially causing a dent in customer loyalty. Ensure that the transition is not only technically sound but also user-friendly, avoiding any kind of disruption. A flawless switch ensures that your audience remains immersed in your content, unaware of the backend changes.
  • Flexibility and multi-region infrastructure: The digital landscape is dynamic, and your DRM solution should dance to the same beat. Opt for a provider that not only caters to your current needs but also grows with you. Scalability is the name of the game – you want a partner that can adapt to your expanding user base, content library, changing security needs, and emerging industry standards. Flexibility ensures that you’re not only future-proofing your content but also future-enhancing it. A DRM provider that aligns with your company’s growth trajectory ensures a long-lasting and fruitful partnership.
  • Legal and compliance confidence:As the guardian of valuable digital assets, your DRM provider should be a legal ally as well. Ensure that the prospective provider aligns with not just your content protection needs but also legal and compliance requirements. Choose a partner that understands industry standards, ensuring your content is both secure and legally sound.


Depending on the availability of your keys, you’ll have a few alternatives to migrate to a new DRM provider. Although it’s not a common requirement, it’s not impossible to change providers.

At castLabs, we have a long track record of successfully handling complex video protection projects. We’ve helped numerous other companies in solving their content licensing hurdles with our best-of-breed DRMtoday service. You can rest assured we’ll find a solution for you, following more than 15 years of experience in content processing, protection, and playback.

Contact us

Thinking about switching DRM providers? Reach out to us for a complimentary project assessment!

Get in touch


Posted by

Jean Navarrete

Jean Navarrete
Digital Marketing Manager

View more blog posts